
From:
Alexander Bluhm <bluhm@openbsd.org>
Subject:
Re: ipsec: move `ipsec_expire_acquire' out of netlock
To:
Vitaliy Makkoveev <mvs@openbsd.org>
Cc:
tech@openbsd.org
Date:
Wed, 14 May 2025 01:00:37 +0200


On Sun, May 11, 2025 at 03:31:04PM +0300, Vitaliy Makkoveev wrote:
> It is local to ipsp_acquire_sa().

OK bluhm@

> Index: sys/netinet/ip_spd.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/ip_spd.c,v
> retrieving revision 1.120
> diff -u -p -r1.120 ip_spd.c
> --- sys/netinet/ip_spd.c	17 Apr 2024 20:48:51 -0000	1.120
> +++ sys/netinet/ip_spd.c	13 May 2025 18:09:12 -0000
> @@ -888,7 +888,8 @@ ipsp_acquire_sa(struct ipsec_policy *ipo
>  
>  	mtx_enter(&ipsec_acquire_mtx);
>  #ifdef IPSEC
> -	if (timeout_add_sec(&ipa->ipa_timeout, ipsec_expire_acquire) == 1)
> +	if (timeout_add_sec(&ipa->ipa_timeout,
> +	    atomic_load_int(&ipsec_expire_acquire)) == 1)
>  		refcnt_take(&ipa->ipa_refcnt);
>  #endif
>  	TAILQ_INSERT_TAIL(&ipsec_acquire_head, ipa, ipa_next);
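Review bot: The new `atomic_load_int(&ipsec_expire_acquire)` sits between `mtx_enter(&ipsec_acquire_mtx)` and the list insert, which can read as if the mutex guards the tunable when it does not. A one-line comment above the call would make the contract explicit, for example `/* [a] sysctl tunable, read once here; not protected by ipsec_acquire_mtx */`. Assuming the sysctl side stores the int in one piece, a concurrent change yields either the old or the new timeout for this acquire entry, which looks acceptable. ipsp_acquire_sa() begins and ends outside the hunk, so any other reader of the variable cannot be checked from here.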
> Index: sys/netinet/ipsec_input.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/ipsec_input.c,v
> retrieving revision 1.213
> diff -u -p -r1.213 ipsec_input.c
> --- sys/netinet/ipsec_input.c	13 May 2025 17:27:53 -0000	1.213
> +++ sys/netinet/ipsec_input.c	13 May 2025 18:09:12 -0000
> @@ -116,7 +116,7 @@ int ipsec_soft_timeout = IPSEC_DEFAULT_S
>  int ipsec_exp_timeout = IPSEC_DEFAULT_EXP_TIMEOUT;		/* [a] */
>  int ipsec_soft_first_use = IPSEC_DEFAULT_SOFT_FIRST_USE;	/* [a] */
>  int ipsec_exp_first_use = IPSEC_DEFAULT_EXP_FIRST_USE;		/* [a] */
> -int ipsec_expire_acquire = IPSEC_DEFAULT_EXPIRE_ACQUIRE;
> +int ipsec_expire_acquire = IPSEC_DEFAULT_EXPIRE_ACQUIRE;	/* [a] */
>  
>  int esp_enable = 1;
>  int ah_enable = 1;		/* [a] */
> @@ -174,10 +174,10 @@ int ipsec_def_comp = IPSEC_COMP_DEFLATE;
>  
>  const struct sysctl_bounded_args ipsecctl_vars_locked[] = {
>  	{ IPSEC_ENCDEBUG, &encdebug, 0, 1 },
> -	{ IPSEC_EXPIRE_ACQUIRE, &ipsec_expire_acquire, 0, INT_MAX },
>  };
>  
>  const struct sysctl_bounded_args ipsecctl_vars[] = {
> +	{ IPSEC_EXPIRE_ACQUIRE, &ipsec_expire_acquire, 0, INT_MAX },
>  	{ IPSEC_EMBRYONIC_SA_TIMEOUT, &ipsec_keep_invalid, 0, INT_MAX },
>  	{ IPSEC_REQUIRE_PFS, &ipsec_require_pfs, 0, 1 },
>  	{ IPSEC_SOFT_ALLOCATIONS, &ipsec_soft_allocations, 0, INT_MAX },
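Review bot: Moving `IPSEC_EXPIRE_ACQUIRE` into `ipsecctl_vars` makes that table an implicit list of variables that are changed without the netlock, but nothing at the table states the rule. A comment above the array, such as `/* Entries are [a]: set without netlock, readers must use atomic_load_int() */`, would keep a later addition from being paired with a plain read; whether every existing entry already follows this is presumably true but cannot be confirmed from the lines shown. The code that services `ipsecctl_vars` is outside this hunk.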
> @@ -649,7 +649,6 @@ ipsec_sysctl(int *name, u_int namelen, v
>  	case IPCTL_IPSEC_STATS:
>  		return (ipsec_sysctl_ipsecstat(oldp, oldlenp, newp));
>  	case IPSEC_ENCDEBUG:
> -	case IPSEC_EXPIRE_ACQUIRE:
>  		NET_LOCK();
>  		error = sysctl_bounded_arr(ipsecctl_vars_locked,
>  		    nitems(ipsecctl_vars_locked), name, namelen,